Hi,

RolesWithReadAccess is an extension method that is automatically indexed with IContent so that Roles that have read access is indexed. This is done so that you later can filter for the different roles that the user have that is seraching at the moment.

The easiest and recommended way is to use the method FilterForVisitor when searching. This is done if you are using the UnifiedSearch which in turn is the recommended way to build search pages if that is what you are doing.

-Marcus

The general pattern for access rights filtering with Find as well as other search solutions is:

1. Ensure that each document (thing in the index) has a list of who should be able to see it.
2. When searching, add filters that excludes documents whos list of users and groups that should be able to see it doesn't contain the current user and any groups that he or she is in.

In the case of CMS content with Find step 1 is already taken care of as the return value of RolesWithReadAccess (and UsersWithReadAccess in later versions of the .NET/CMS integration) is automatically indexed. This means that all you have to do for pages is step 2. Do do that you:

1. Figure out what groups the user is a member of.
2. Iterate over those groups and build a filter that requires the RolesWithReadAccess field to contain at least one of those groups.
3. Add the filter created in step 2 to a search query.

As Marcus writes there are also helper methods in later versions of the .NET API/CMS integration that can take care of the above steps for you.

In case you need to implement the filtering manually (you may for instance not be searching for CMS content), you can retrieve a list of the user's roles using:

//using EPiServer.Security;

var roles = PrincipalInfo.Current.RoleList.ToList();

If the site is utilizing virtual roles you can add them as well by first retrieving all virtual roles and the check if the current user is in each of them.

Hi, 

thanks for your response !! 

I'm stil not clear. What does this line of code means - " Filter(x=>x.RolesWithReadAccess().Match("Everyone"))" ? I mean the functionality of RolesWithReadAccess(). what is the return value for this method ?

Thanks.

Hi,

That example code adds a filter to the search request. The return value is the modified search query which you can continue to build upon or execute.

The filter that that specific code adds will modify the search request so that only pages which are visible to the group "Everyone" is returned. That's often enough on a public web site while on an intranet you also add any groups that the current user is in. Again though, never versions of Find has a method called FilterForVisitor that handles that for you.

Hi, thanks for your valuable reply !!

As I mentioned in my earlier post, how groups (created in AD) can be added automatically to this filter ? 

var filter = Client.BuildFilter<PageData>();

var roles = PrincipalInfo.Current.RoleList.ToList();

foreach(var role in roles)

{

  filter = filter.Or(x => x.RolesWithReadAcces().Match(role));

}

SearchClient.Instance.Search<PageData>().Filter(filter).GetPagesResult();

Something like that :)

Hi, I'm just trying to do the same filter by 'RolesWithReadAcces' on 'ContentBase' type. 

var filter = Client.BuildFilter<ContentBase>();

It gives me this error: 'ContentBase' does not contain a definition for 'RolesWithReadAccess'

But ContentBase inherited types have 'RolesWithReadAccess' data in the find index. Why is this not possible?